I have a websever running IIs 6.0 and the .Net 2.0 framework. I'm trying to encrypt sections of a web.config file on one of the websites that I host on this server. I have about 20 different websites each with their own IP address.
From several MSDN docs and posts here and there I've learned that I can use the aspnet_regiis command to encrypt certain sections of my web.config. I'd like to encrypt the sections that contain passwords - such as the connectionStrings and the mailSettings. (I'm trying to implement the new Membership classes and the login control).
My problem is that the documentation I have says a couple of things that I'm not sure how to do.
1. In one place in the MSDN doc ( http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000006.asp ) it says:
To encrypt the connectionStrings section, run the following command from a .NET command prompt:
aspnet_regiis -pe "connectionStrings" -app "/MachineDPAPI" -prov "DataProtectionConfigurationProvider"
The above command with the -app switch assumes that there is an IIS virtual directory called MachineDPAPI. If you are using the Visual Studio .NET 2005 Web server instead of IIS, use the -pef switch, which allows you to specify the physical directory location of your configuration file.
The -pe switch specifies the configuration section to encrypt.
The -pef switch specifies

I have a webApplication in which i want to encrypt the data using Public key and whan it reach to the destination webapplication it will decrypted there with corresponding private key . Is there is any way to creating this pair of key? Is there is other way of doing this.Pls. Suggest.......

Today's stupid mistake comes to you via the web.config file in an ASP.NET 4 Web application project. At runtime, when navigating to default.aspx, ASP.NET choked with this error message: Parser Error Message: Sections must only appear once per config file. See the help topic <location> for exceptions. Source Error: Line 14: <location path="default.aspx"> Line 15: <system.web> Line 16: ...(read more)

Is aspnet_regiis.exe secure? If i encrypt using aspnet_regiis.exe, will it automatically decrypt the string and wont give any error? Need an insight into this stuff....any suggestions? Is Rsa the best option or wat? Wat's the best way to encrypt/decrypt programmatically?

.NET 4 includes a new version of the CLR, and a new .NET 4 specific machine.config file (which is installed side-by-side with the one used by .NET 2, .NET 3 and .NET 3.5).

The new .NET 4 machine.config file now automatically registers all of the ASP.NET tag sections, handlers and modules that we've added over the years, including the functionality for:

.ASP.NET AJAX .ASP.NET Dynamic Data .ASP.NET Routing (which can now be used for both ASP.NET WebForms and ASP.NET MVC) .ASP.NET Chart Control (which now ships built-into ASP.NET V4) What this means is that when you create a new "Empty ASP.NET application" project in VS 2010, you'll find that the new default application-level web.config file is now clean and simple:

One of my NUnit tests has to read in some values from config files. In my main application this process works perfectly well, however when I run the unit test, the code that reads in the values from the config files doesnt read anything in. Ive tried putting app.config in my unit test project (I even tried web.config) but nothing seems to work. Are there any special steps involved when reading from config files in an nunit test ?

I have a web application that is actually installed as a component of a third party site. In some configurations, I need to remove certain connection strings and re-add them. I'm replacing this web.config section with a xml file that includes the following:

Do you have a Web site or other system that deals in secrets of any sort? It seems like every time I give a security talk, people ask how to deal with the sticky problem of storing secrets. Connection strings with passwords are an obvious problem.

Even though you've been using ASP. NET for a while, how much do you really know about ASP. NET configuration files? While you've probably touched the Web. config file from time to time, there are some nuances involved in configuring ASP.

Critical sections, a mechanism that prohibits more than one thread at a time from executing a particular section of code, is a topic that has not received much attention and thus tends not to be well understood. A solid understanding of critical sections in Windows can really come in handy when you need to track down multithreading performance issues in your code. This articles delves under the hood of critical sections to reveal information useful in finding deadlocks and in pinpointing performance problems. It also includes a handy utility program that shows all of your critical sections and their current states.